I tried using okta-oidc-js/packages/okta-react at master · okta/okta-oidc-js · GitHub to work with my company’s Okta setup (which does not support other response types: OAuthError: The response type is not supported by the authorization server. Configured response types: [code].), but it doesn’t support a response_type of code properly and always tries to read the token from the callback URL that has the state/nonce instead of verifying they match and then making another request for the token. I think that it’s because of this line: https://github.com/okta/okta-oidc-js/blob/master/packages/okta-react/src/Auth.js#L42 which really should see if the response type is code and if so do something different.
My App is:
class App extends Component {
  render() {
    return (
      <React.StrictMode>
The okta-react library only supports the OAuth 2.0 Implicit Flow, so requesting an authorization code without a clientSecret or code_challenge (see PKCE) will throw an error from the API.
Therefore, only the following response_type values are permitted:
token
id_token
token id_token
To help us understand your use case a bit better, is there a specific reason you’re requesting a code over getting the tokens directly?
Thanks for the reply. I am checking with my admins as to why we only support the code response type.
Also, I tried changing the CustomLogin as follows after realizing that the default responseMode for the response type of code is query, which will not work with parseFromUrl, but then I ended up in an infinite redirect loop: